CVE-2022-31697
The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation.
via "National Vulnerability Database".
CVE-2022-41288
A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a stack exhaustion vulnerability when parsing a CGM file. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition.
via "National Vulnerability Database".
CVE-2022-41280
A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application, causing a denial of service condition.
via "National Vulnerability Database".
CVE-2022-20240
In sOpAllowSystemRestrictionBypass of AppOpsManager.java, there is a possible leak of location information due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12, Android-12L. Android ID: A-231496105.
via "National Vulnerability Database".
CVE-2022-46355
A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The affected products are vulnerable to an "Exposure of Sensitive Information to an Unauthorized Actor" vulnerability by leaking sensitive data in the HTTP Referer.
via "National Vulnerability Database".
CVE-2022-46348
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19383)
via "National Vulnerability Database".
CVE-2022-43722
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software does not properly secure a folder containing library files. This could allow an attacker to place a custom malicious DLL in this folder which is then run with SYSTEM rights when a service is started that requires this DLL. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.
via "National Vulnerability Database".
Security Flaw in Atlassian Products Affecting Multiple Companies
Jira, Confluence, Trello, and BitBucket affected.
via "Dark Reading".
COVID-bit: the wireless spyware trick with an unfortunate name
It's not the switching that's the problem, it's the switching of the switching!
via "Naked Security".
Accelerating Vulnerability Identification and Remediation
Software teams can now fix bugs faster with faster release cycles, but breach pressure is increasing. Using SBOM and automation will help better detect, prevent, and remediate security issues throughout the software development life cycle.
via "Dark Reading".
Citrix ADC, Gateway Users Race Against Hackers to Patch Critical Flaw
Citrix issues a critical update as NSA warns that the APT5 threat group is actively trying to target ADC environments.
via "Dark Reading".
CVE-2022-46062
Gym Management System v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF).
via "National Vulnerability Database".
CVE-2022-45028
A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request sent to /cgi-bin/logs.ha.
via "National Vulnerability Database".
CVE-2022-4454
A vulnerability, which was classified as critical, has been found in m0ver bible-online. Affected by this issue is the function query of the file src/main/java/custom/application/search.java of the component Search Handler. The manipulation leads to sql injection. The name of the patch is 6ef0aabfb2d4ccd53fcaa9707781303af357410e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215444.
via "National Vulnerability Database".
CVE-2019-25078
A vulnerability classified as problematic was found in pacparser up to 1.3.x. Affected by this vulnerability is the function pacparser_find_proxy of the file src/pacparser.c. The manipulation of the argument url leads to buffer overflow. Attacking locally is a requirement. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is 853e8f45607cb07b877ffd270c63dbcdd5201ad9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215443.
via "National Vulnerability Database".
CVE-2022-46364
A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.
via "National Vulnerability Database".
CVE-2022-27518
Unauthenticated remote arbitrary code execution
via "National Vulnerability Database".
CVE-2022-4456
A vulnerability has been found in falling-fruit and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 15adb8e1ea1f1c3e3d152fc266071f621ef0c621. It is recommended to apply a patch to fix this issue. VDB-215446 is the identifier assigned to this vulnerability.
via "National Vulnerability Database".
CVE-2022-4455
A vulnerability, which was classified as problematic, was found in sproctor php-calendar. This affects an unknown part of the file index.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is a2941109b42201c19733127ced763e270a357809. It is recommended to apply a patch to fix this issue. The identifier VDB-215445 was assigned to this vulnerability.
via "National Vulnerability Database".
CVE-2022-44704
Microsoft Windows Sysmon Elevation of Privilege Vulnerability.
via "National Vulnerability Database".
CVE-2022-44702
Windows Terminal Remote Code Execution Vulnerability.
via "National Vulnerability Database".